From: | Eric Blake |
Subject: | Re: [Qemu-devel] [PATCH 1/1] sandbox: avoid to compile options if CONFIG_SECCOMP undefined |
Date: | Wed, 9 May 2018 07:48:46 -0500 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0 |
On 05/08/2018 11:40 PM, Yi Min Zhao wrote:
I think it would bring a lot of changes if we disable the entire -sandbox argument. Looking from current code, sandbox is a default qemu option group, and sandbox.enable is false by default unless you obviously define it with true. If seccomp is disabled, we should really disable the entire -sandbox argument, not merely the options to it. So, this patch is an easier way to fixup.
If the only thing you can do with -sandbox is turn it off (which is its default state), it's better to not advertise it at all in the first place. I agree with Daniel that it's better to cripple -sandbox from even being usable as a command-line argument if it isn't going to work, as that's easier to introspect.
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org